Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/b91e11f7-77fd-4191-887a-c1f9a32699b4.roa
File:                     b91e11f7-77fd-4191-887a-c1f9a32699b4.roa (raw, json)
Hash identifier:          lHLVdQeUYBytlhwBJY+4PAE+ju1ZLhz5OfcgTzEnmi4=
Subject key identifier:   AA:4C:1A:27:9F:C8:19:4E:E1:2F:BC:36:2A:C4:FD:0D:2D:40:CE:D0
Certificate issuer:       /CN=9ab015f3826e013512a45298a42f2baba1fa72f8d27938878c
Certificate serial:       3B22BFD85BA9526799614C71743EA4B94DDF2C53
Authority key identifier: 6A:CC:3E:7D:A2:E7:6D:99:11:0F:D6:39:C4:13:7E:42:42:99:70:D8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/6755970c-4747-499d-9774-5e1308c501a7/9ab015f3826e013512a45298a42f2baba1fa72f8d27938878c.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/b91e11f7-77fd-4191-887a-c1f9a32699b4.roa
Signing time:             Wed 25 Jun 2025 01:21:58 +0000
ROA not before:           Wed 25 Jun 2025 01:21:58 +0000
ROA not after:            Wed 30 Jul 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        2606:8140:500::/40 maxlen: 40
Validation:               Failed, certificate revoked on Wed 25 Jun 2025 15:06:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3b:22:bf:d8:5b:a9:52:67:99:61:4c:71:74:3e:a4:b9:4d:df:2c:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9ab015f3826e013512a45298a42f2baba1fa72f8d27938878c
        Validity
            Not Before: Jun 25 01:21:58 2025 GMT
            Not After : Jul 30 23:59:59 2025 GMT
        Subject: serialNumber=6fec703fea990e755318316e38b546453a04af00d531fe5c1edec7b5c95b5854, CN=8cd8442f-235f-4171-84e6-8e1007a64c60
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:a4:f0:c3:f8:d6:e6:68:76:d9:31:a0:d3:4f:
                    31:d4:6a:ec:a4:2a:83:ff:23:9a:42:1b:67:27:73:
                    af:26:40:46:a3:63:91:2b:9f:1b:13:e5:0f:70:fd:
                    55:e9:cf:06:94:2b:52:40:c8:08:ec:d3:67:a7:76:
                    48:4f:ca:69:a1:3d:ca:15:f7:01:9e:95:60:58:58:
                    79:6d:ba:70:a6:9b:42:80:21:8b:97:6d:c0:c2:eb:
                    96:56:ee:9b:99:fd:39:6c:1b:14:3c:40:52:e3:0b:
                    c7:57:b6:e0:3f:f7:f0:0c:77:d2:1d:9d:4c:82:f0:
                    da:6d:27:0f:6b:1c:2c:22:cb:52:7d:af:7d:fa:3f:
                    db:a6:e8:6c:ad:f0:47:3c:54:e0:c0:81:d8:31:64:
                    6d:6b:1e:f2:16:9d:31:1b:0f:1c:16:f1:16:0e:0f:
                    39:60:80:b7:27:b9:4d:6d:6e:3a:20:a5:c4:7c:aa:
                    4a:9d:c6:26:d8:21:3b:26:4d:3f:0d:24:ee:ff:83:
                    44:1d:e0:ed:14:f3:f3:13:ce:41:10:41:ea:e7:35:
                    93:01:c0:0d:3f:8e:77:25:03:17:eb:24:f3:fb:8e:
                    24:52:72:fe:ef:f8:18:7d:d9:13:80:0c:02:0a:a4:
                    0f:5c:fe:57:f9:2b:36:4f:29:a8:ae:89:74:b9:ed:
                    23:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:4C:1A:27:9F:C8:19:4E:E1:2F:BC:36:2A:C4:FD:0D:2D:40:CE:D0
            X509v3 Authority Key Identifier:
                keyid:6A:CC:3E:7D:A2:E7:6D:99:11:0F:D6:39:C4:13:7E:42:42:99:70:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/6755970c-4747-499d-9774-5e1308c501a7/9ab015f3826e013512a45298a42f2baba1fa72f8d27938878c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/b91e11f7-77fd-4191-887a-c1f9a32699b4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/bgE1EqRSmKQvK6uh-nL40nk4h4w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2606:8140:500::/40

    Signature Algorithm: sha256WithRSAEncryption
         08:43:0a:30:a3:fa:4a:62:46:bb:e2:af:4f:80:4d:4b:4e:e1:
         cd:56:19:75:fa:80:7c:e5:95:c1:67:6b:2e:10:11:e7:d8:9a:
         e0:e8:3c:d2:ca:da:e1:8a:bd:f5:ee:ba:8b:09:78:e3:3a:55:
         99:85:7e:1f:fc:67:f7:56:ec:f9:cb:f3:30:ba:f2:4d:25:ef:
         0b:03:48:9a:9f:28:a4:75:fa:6d:e2:59:bc:f6:58:5e:54:4c:
         91:41:3d:73:84:2a:83:9d:c5:d4:58:bb:84:2b:4f:99:6d:d9:
         47:ba:69:0a:12:6c:f5:df:49:7a:ec:91:dd:0a:e5:88:24:6b:
         ba:1d:de:de:f8:cf:1a:64:9d:f6:05:96:d2:0b:b3:65:3f:3a:
         87:18:87:9b:61:25:0e:4f:74:df:df:30:b0:f1:8a:e0:d2:db:
         68:28:cc:a9:57:a9:5c:e1:32:a9:1a:90:f8:3b:d1:db:94:dd:
         ca:9c:a7:7a:80:61:11:ef:96:36:d0:e5:54:94:01:ec:c1:a1:
         f6:70:45:32:d3:1a:b1:be:66:70:8d:af:81:cd:5e:76:ef:6b:
         02:1f:c7:5e:a5:d0:00:e2:84:12:89:1f:8c:90:cf:d0:8a:eb:
         d1:b2:3a:b7:05:68:75:0e:02:0f:06:34:1f:59:df:2c:9c:86:
         f0:98:5a:e3
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUOyK/2FupUmeZYUxxdD6kuU3fLFMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyOWFiMDE1ZjM4MjZlMDEzNTEyYTQ1Mjk4YTQyZjJiYWJh
MWZhNzJmOGQyNzkzODg3OGMwHhcNMjUwNjI1MDEyMTU4WhcNMjUwNzMwMjM1OTU5
WjB6MUkwRwYDVQQFE0A2ZmVjNzAzZmVhOTkwZTc1NTMxODMxNmUzOGI1NDY0NTNh
MDRhZjAwZDUzMWZlNWMxZWRlYzdiNWM5NWI1ODU0MS0wKwYDVQQDEyQ4Y2Q4NDQy
Zi0yMzVmLTQxNzEtODRlNi04ZTEwMDdhNjRjNjAwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCOpPDD+NbmaHbZMaDTTzHUauykKoP/I5pCG2cnc68mQEaj
Y5ErnxsT5Q9w/VXpzwaUK1JAyAjs02endkhPymmhPcoV9wGelWBYWHltunCmm0KA
IYuXbcDC65ZW7puZ/TlsGxQ8QFLjC8dXtuA/9/AMd9IdnUyC8NptJw9rHCwiy1J9
r336P9um6Gyt8Ec8VODAgdgxZG1rHvIWnTEbDxwW8RYODzlggLcnuU1tbjogpcR8
qkqdxibYITsmTT8NJO7/g0Qd4O0U8/MTzkEQQernNZMBwA0/jnclAxfrJPP7jiRS
cv7v+Bh92ROADAIKpA9c/lf5KzZPKaiuiXS57SORAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUqkwaJ5/IGU7hL7w2KsT9DS1AztAwHwYDVR0jBBgwFoAUasw+faLnbZkR
D9Y5xBN+QkKZcNgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy82NzU1OTcwYy00
NzQ3LTQ5OWQtOTc3NC01ZTEzMDhjNTAxYTcvOWFiMDE1ZjM4MjZlMDEzNTEyYTQ1
Mjk4YTQyZjJiYWJhMWZhNzJmOGQyNzkzODg3OGMuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZTcyZDhkYjAtNDcyOC00ZmMxLWJkZDgtNDcx
MTI5ODY2MzYyL2I5MWUxMWY3LTc3ZmQtNDE5MS04ODdhLWMxZjlhMzI2OTliNC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2U3MmQ4ZGIwLTQ3MjgtNGZjMS1iZGQ4
LTQ3MTEyOTg2NjM2Mi9iZ0UxRXFSU21LUXZLNnVoLW5MNDBuazRoNHcuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAmBoFABTANBgkqhkiG9w0BAQsFAAOCAQEACEMKMKP6SmJGu+KvT4BNS07h
zVYZdfqAfOWVwWdrLhAR59ia4Og80sra4Yq99e66iwl44zpVmYV+H/xn91bs+cvz
MLryTSXvCwNImp8opHX6beJZvPZYXlRMkUE9c4Qqg53F1Fi7hCtPmW3ZR7ppChJs
9d9JeuyR3QrliCRruh3e3vjPGmSd9gWW0guzZT86hxiHm2ElDk90398wsPGK4NLb
aCjMqVepXOEyqRqQ+DvR25TdypyneoBhEe+WNtDlVJQB7MGh9nBFMtMasb5mcI2v
gc1edu9rAh/HXqXQAOKEEokfjJDP0Irr0bI6twVodQ4CDwY0H1nfLJyG8Jha4w==
-----END CERTIFICATE-----